March Threat Modeling Workshop

Over the past six months, a core group within #misec has been developing a threat modeling approach. We held a small focus group in October to work out the approach. The concepts were presented at GrrCon, BSides Jackson, BSides Columbus, and the local ISSA chapter. With that, we received a lot of feedback and improved the model. We are now ready to hold a larger workshop on threat modeling.

Workshop tickets, free as always, are available here:
https://www.eventbrite.com/e/misec-threat-modeling-workshop-tickets-10586136419

Saturday, March 8th, 10 am to 4 pm

R.L. Polk
26533 Evergreen, 9th floor
Southfield, MI 48076

Please meet us at the North Entrance. One of us will show you up stairs.

MiSec Meetup March 2014

March is the quarterly OWASP Detroit meeting and will feature a presentation by Robert Former on embedded encryption.

Bio:

Robert Former is a security engineer with 20 years of experience in the IT field. Throughout his career, Robert has worked in many aspects of Information Technology and has experience in the design, implementation, and operation of cabling, LAN, WAN, MAN, both traditional and IP telephony, data centers, server systems, and, for the last 9 years, information security and compliance. Robert currently holds the ISC(2) CISSP™, ISACA CISA™, and NSA IAM/IEM certifications. He is employed by Neohapsis, a leading security research and consulting firm based in Chicago, IL, as a Senior Security Consultant. In his spare time, Robert enjoys spending time with his family as well as pursuing photography, sailing and amateur radio.

Abstract:

Encryption is a tricky business in the best of circumstances. Encryption on embedded systems is a minefield of opportunity for poor implementation. This talk will explore some common missteps in crypto implementations on embedded systems focusing on Internet of Things (IoT) and smart meters. Ways of avoiding the common mistakes will be presented and offered up for discussion.

Thursday, March 13th, 7-9 pm

First Center Building
26911 Northwestern Highway
Southfield, MI 48033

MiSec Meetup February 2014

For February, Zach (@quine) will be presenting on his research into the new BlackBerry smart phones.

No Apology Required: Deconstructing BB10

BB10, BlackBerry’s next generation mobile operating system, is a stark departure from the traditional BlackBerry OS. Like its cousin, TabletOS on the PlayBook, it’s based on QNX and supports numerous frameworks and runtimes (including support for Android), as well as native code — a first for BlackBerry devices. Incidentally, it’s also chock full of peculiar design decisions and strange bits of hackish glue, many of which give rise to vulnerabilities.

In this talk, we will present our objective security analysis of BB10, focusing on the methodology used in assessing this black box system. We will discuss processes used to gain low level access to the system, analyze system internals and firmware, and instrument processes. We will also explore network and application attack surfaces, documented and observed security controls, and findings from our assessment.

Thursday, February 13th, 7-9 pm

First Center Building
26911 Northwestern Highway
Southfield, MI 48033

BSides Columbus

BSides Columbus is coming up and John (@Cranky_JC) is organizing the invasion. The time and place:

When: Monday, January 20th, 2014
Where: Doctors Hospital West, 5100 W Broad St, Columbus, OH 43228

BSides Columbus is being keynoted by Dave Kennedy and Jayson Street. The speaker line-up includes #misec favorites like Steven Aiello, Nick Jacob, Mark Kikta, and Wolf Goerlich. There is no better way to spend a Monday.

Schedule:
http://cmhbsides2014.busyconf.com/schedule

Carpool sign-up:
http://bit.ly/1lYTXUE

MiSec Meetup January 2014

Ushering in the new year, Steven Fox is presenting on Open Source Intelligence (OSINT) at the first meet-up of 2014.

The Lens of Trust – Investigating Crime with OSINT

Missing persons cases, kidnapping, financial fraud; these are some of the cases investigated with the use of open information sources. Long thought to be a tool of cyber miscreants, Open Source Intelligence (OSINT) is playing an increasingly popular role in gathering indicators of criminal activity, analyzing the data for patterns, and deriving intelligence to supplement traditional investigations.

This session explores a case where the rigor of jurisprudence enabled the use of OSINT to gather evidence for analysis in the courts. Attendees will learn how the rules of evidence were applied to social media findings and how that data was handled and used to solve a criminal mystery.

Steven F. Fox provides security guidance to ensure compliance with Federal standards and requirements as a Senior Security Architecture and Engineering Advisor for the IRS. Fox contributes to multiple working groups including the IPv6 transition team, Developer Security Testing workgroup and the Security and Privacy workgroup. He brings a cross-disciplinary perspective to the practice of information security; combining his experience as a security consultant, an IT Auditor and a systems engineer with principles from behavioral/organizational psychology to address security challenges. He is a syndicated blogger covering IT Governance, Risk Management and IT-Business fusion topics. He also volunteers his time to the Ponemon Institute and Security BSides Detroit.

Thursday, January 9th, 7-9 pm

First Center Building
26911 Northwestern Highway
Southfield, MI 48033

MiSec Meetup December 2013

At December’s OWASP Detroit meeting, Jeremy Nielson (@jeremynielson) will present Susie the Useful SOC Puppet: A blue-team bedtime story.

Susie spends her days looking at logs. Lots and lots of logs. But one day Susie discovered there was more to being a SOC puppet than just looking for APT1. Follow Susie and her team of puppets as we cover a couple of real-world attack scenarios and how we can apply our IDS alert findings to securing our vulnerable web applications.

Thursday, December 12th, 7-9 pm

First Center Building
26911 Northwestern Highway
Southfield, MI 48033

MiSec Meetup November 2013

James Wong is coming to present on his work with Java and cryptography. You can read more here:

Java Cryptography Part 1: Designing a Java Cryptography Header
Java Cryptography Part 2: Encryption and Digital Signatures
Java Cryptography Part 3: Decryption and Verifying Signatures

Steven Fox and J Wolfgang Goerlich will also be doing a lightening talk on creating threat models as a basis for communicating the need for security improvements.

Thursday, November 14th, 7-9 pm
First Center Building
26911 Northwestern Highway
Southfield, MI 48033

MiSec Meetup October 2013

This month, OWASP Detroit returns with a night filled with Web application security content. Talks begin at 7:30 pm and run through 9 pm.

Bradley McMahon (@Nullspace): “ORM – let’s make everyone happy”
M (@nerdybeardo): “Password storage sucks!”
Josh Little (@zombietango): “Updates on the OWASP Top 10″

Thursday, October 10th, 7-9 pm
First Center Building
26911 Northwestern Highway
Southfield, MI 48033

MiSec Meetup September 2013

This month, James Foster is delivering an encore presentation of his BSides Detroit 13 talk. We will be meeting on the third — rather than the second — Thursday to accommodate GrrCon.

Insidious Implicit Windows Trust Relationships

What’s a trust relationship? Explicit ones are easy — these you setup explicitly and on purpose, like when you want Domain A to trust Domain B for authentication. It’s the implicit ones that will get you, the ones you didn’t setup on purpose. Like when you have the same local administrator password on a bunch of systems (own one, own them all!). Or when a domain admin leaves an access token behind on some user’s workstation (user owns the domain!). If you support or defend Windows systems, you should know about the different kinds of implicit trusts in Windows (accounts, cached credentials and access tokens) and how to reduce your risks from them. Oh, and you know the phase of an APT-style attack after the end user’s workstation is compromised but before they own your domain? The one that is sometimes glossed over with the phrases “lateral movement” and “privilege escalation”? Oftentimes, this happens by exploiting trust relationships.

Thursday, September 19th, 7-9 pm
First Center Building
26911 Northwestern Highway
Southfield, MI 48033

MiSec Meetup August 2013

This month, MiSec moves to its new location in Southfield. Matt Johnson, PowerShell Yoda himself, will be breaking in the new venue. Hope you can join us.

Shattering the Glass: Crafting Post Exploitation Tools with PowerShell

You have achieved your first goal. Shell on a Windows machine. Good. Now the real work is about to start. Where do you go from here? Time to see where we can go and what we can do. PowerShell should be your first place to go. Now included on every Windows machine in the environment this is now the perfect tool for post exploitation. In this talk I will discuss how you can easily use PowerShell to craft tools as part of your post exploitation process that can be reused everywhere with ease. From simple enumeration to data ex-filtration and command and control this talk will dive deep into PowerShell and have you leaving a better infosec pro.

Thursday, August 15th, 7-9 pm
First Center Building
26911 Northwestern Highway
Southfield, MI

Return top

About MichSec.org

We are a collective of Michigan based information security professionals (or maybe just people interested in security) looking to share knowledge and make the world a safer place.